Patching bootchain

First we need to decrypt iBSS and iBEC.

img4 -i iBSS* -o ibss.dec -k ivkey -D

img4 -i iBEC* -o ibec.dec -k ivkey -D

Now we need to extract iBSS and iBEC to raw.

img4tool -e -o ibec.raw ibec.dec

img4tool -e -o ibss.raw ibss.dec

Now we need to patch extracted iBSS and iBEC using iBoot64Patcher.

iBoot64Patcher ibec.raw ibec.patched -b "rd=disk0s1s3 -v"

iBoot64Patcher ibss.raw ibss.patched

Now you need repack iBSS and iBEC back to im4p and then convert it to img4 using img4tool.

img4tool -p ibec.im4p --tag ibec --info ibec ibec.patched

img4tool -p ibss.im4p --tag ibss --info ibss ibss.patched

Convert it to img4.

img4tool -p ibec.im4p -c ibec.img4 -s blob.shsh2

img4tool -p ibss.im4p -c ibss.img4 -s blob.shsh2

After you do it iBSS and iBEC is done !
Now we need to convert devicetree and kernel to img4 and change their tags.

img4tool -p DeviceTree* -c devicetree.img4 -s blob.shsh2

img4tool -p kernelcache* -c kernel.img4 -s blob.shsh2

Now we need update devicetree and kernel tags.

Here is how it should look. After you do this devicetree is done. We need to change kernel tag too.

After you do this kernel is done ! Save it of course.
That's it ! You can now proceed to last step !
First boot